PSC Staff has direct experience in the readiness and assessment of important international standards, including:
PSC will assist clients in implementing these standards and, if required, prepare for the certification process.
Companies normally have written and implemented a number of information security controls as they grow. Unfortunately, these controls are not usually organized around a common framework or structure and can be disorganized, contradictory between departments, incomplete, insecure, and lacking management oversight.
This “ad hoc” approach to security management leaves critical gaps in operational security controls and only addresses certain aspects of IT or data protection, leaving non-IT information assets (such as trade secrets, information held by individuals and proprietary knowledge) less well protected.
ISO 27001 defines a common framework for the management of policies and procedures by establishing an Information Security Management System (ISMS), selecting appropriate security controls to operate within that ISMS, and implementing those controls. This process encompasses the entire organization, using risk management and asset management techniques to deliver a common, consistent, adaptable and maintainable security profile that reduces the organization's exposure to security issues, regardless of source.
PSC can help clients establish their ISMS and select appropriate controls. PSC will:
PSC will scope the ISMS with the client, setting the boundaries for the system. A risk assessment based on the ISO 27001 management requirements will then be performed to identify risks, evaluate them and select the appropriate risk treatment. Based on the risk assessment, control objectives and appropriate procedures will be agreed with the client and implemented.
The above assessment is performed with respect to the relevant sections of the ISO 27001 management standard, using industry best practices for the controls and procedures. The actual security controls selected will depend on the security risks identified during the assessment. The risk assessment will be conducted using a combination of interviews and observation (of both current practices and documented processes), as follows:
PSC will then assist the client with the implementation of the ISMS including:
Once the ISMS is in place, PSC will assist the client in the day-to-day management of the system and in updating and improving it over time. This will include:
PSC will assist clients with the implementation of both of these standards, including the management framework and scope, risk assessment, documentation (including all policies and procedures), internal assessments, preparation for certification and continuous improvement planning.